----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/48130/#review136143 -----------------------------------------------------------
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java (line 150) <https://reviews.apache.org/r/48130/#comment201171> Rename "authMethod" ==> "kerberosAuthNEnabled" webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java (line 154) <https://reviews.apache.org/r/48130/#comment201172> Should "simple" authentication be supported now? Shouldn't the flow be: 1. if kerberos authn is enabled - try kerberos auth 2. if unauthenticated && ldap authn is enabled - try ldap authn 3. if unauthenticated && file authn is enabled - try file authn 4. if unauthenticated - fail authentication webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java (line 305) <https://reviews.apache.org/r/48130/#comment201167> Consider "break;" after retrieving the username from cookie. webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java (line 98) <https://reviews.apache.org/r/48130/#comment201163> Rename "authMethod" ==> "kerberosAuthNEnabled" webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java (line 103) <https://reviews.apache.org/r/48130/#comment201164> Should "simple" authentication be supported now? Shouldn't the flow be: 1. if kerberos authn is enabled - try kerberos auth 2. if unauthenticated && ldap authn is enabled - try ldap authn 3. if unauthenticated && file authn is enabled - try file authn 4. if unauthenticated - fail authentication webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java (line 37) <https://reviews.apache.org/r/48130/#comment201162> Consider using boolean types here, with variable names like: boolean fileAuthNEnabled = true; boolean ldapAuthNEnabled = false; webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java (line 55) <https://reviews.apache.org/r/48130/#comment201158> Consider using "true" as default for "atlas.authentication.method.file". webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java (line 89) <https://reviews.apache.org/r/48130/#comment201160> This else {} block can be removed, as fileAuthentication is being handled in line #99. - Madhan Neethiraj On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/48130/ > ----------------------------------------------------------- > > (Updated June 2, 2016, 8:59 a.m.) > > > Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, > Shwetha GS, and Hemanth Yamijala. > > > Bugs: ATLAS-820 > https://issues.apache.org/jira/browse/ATLAS-820 > > > Repository: atlas > > > Description > ------- > > Kerberos-Authentication-related-changes. > > Changes includes. > > * Adding/Configaration of AtlasAuthentication fitler into spring's filter. > * Refactoring of authentication related properties. > > > Diffs > ----- > > common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 > distro/src/conf/atlas-application.properties bfa40e8 > distro/src/conf/policy-store.txt 339f014 > webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 > > webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java > 2d84b10 > > webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java > PRE-CREATION > webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java > PRE-CREATION > webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java > 010fa2a > webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java > b7943e7 > > webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java > 389a609 > webapp/src/main/resources/spring-security.xml bba054d > > webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java > a07874a > > Diff: https://reviews.apache.org/r/48130/diff/ > > > Testing > ------- > > * Tested Quick Started in both kerberos and normal env. > * mvn clean install. > * Tested atlas UI in kerberized and non kerberized browser. > * Executed curl commands with and without kinit. > > kinit -kt /etc/security/keytabs/atlas.service.keytab > atlas/[email protected] > > curl url curl -v -u admin:admin > http://mp-atls-495-1.openstacklocal:21000/api/atlas/types > curl with –negotiate curl -k -v --negotiate -u : > http://mp-atls-495-1.openstacklocal:21000/api/atlas/types > curl with without negotiate curl -k -v -u : > http://mp-atls-495-1.openstacklocal:21000/api/atlas/types > curl with -u admin:admin curl -v -u admin:admin > http://mp-atls-495-1.openstacklocal:21000/api/atlas/types > with browser google-chrome > –auth-server-whitelist="mp-atls-495-1.openstacklocal" > > > Thanks, > > Nixon Rodrigues > >
